From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050322 Firefox/1.0.2 Red Hat/1.0.2-1.4.1 Description of problem: The system-config-network tool with the choices for both hosts: Nickname: ipsec0 Host to Host Encryption Manual with a fixed key (use the same keys in both hosts) Provide the IP address of the end point (s) at each host After running ifup ipsec0 on both hosts, I can see packets leaving for the IPsec host to host destination, and arriving at the destination with tcpdump. They appear to be encapsulated ok, but tcp communications seems to be impossible. It does not work. I altered the /etc/sysconfig/network-scripts/ifup-ipsec file (See the attached one) and it now works. SPI_AH_IN and SPI_AH_OUT, and SPI_ESP_IN and SPI_ESP_OUT seem to be round the wrong way. Version-Release number of selected component (if applicable): initscripts-7.93.11.EL-1 How reproducible: Always Steps to Reproduce: 1.Run system-config-network to configure host to host encryption 2. Do ifup ipsec0 on the two hosts 3. Try sending and receiving packets to and from the two hosts Actual Results: No tcp communication through the encrypted link can happen Expected Results: tcp communication should work Additional info: Note that I have not tested any other configurations, just the host to host 'transport' mode. This affects Red Hat Enterprise Linux 3, 4 and Fedora Core.
Created attachment 113277 [details] Altered ifup-ipsec file Full file with alterations to 'make it work'
*** This bug has been marked as a duplicate of 155149 ***